Several flaws were found in the processing of malformed web content. A webpage containing malicious content could cause SeaMonkey to crash or,potentially, execute arbitrary code as the user running SeaMonkey.(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,CVE-2008-4062)

Several flaws were found in the way malformed web content was displayed. Aweb page containing specially crafted content could potentially trick aSeaMonkey user into surrendering sensitive information. (CVE-2008-3835,CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)

A flaw was found in the way SeaMonkey handles mouse click events. A web pagecontaining specially crafted JavaScript code could move the content windowwhile a mouse-button was pressed, causing any item under the pointer to bedragged. This could, potentially, cause the user to perform an unsafedrag-and-drop action. (CVE-2008-3837)

A flaw was found in SeaMonkey that caused certain characters to be strippedfrom JavaScript code. This flaw could allow malicious JavaScript to bypassor evade script filters. (CVE-2008-4065, CVE-2008-4066)

All SeaMonkey users should upgrade to these updated packages, which containbackported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-releasederrata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to usethe Red Hat Network to apply this update are available athttp://kbase.redhat.com/faq/FAQ_58_10188